<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>Grabber Package Description</h2>
<p style="text-align: justify;">Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.</p>
<p>Features:</p>
<ul>
<li>Cross-Site Scripting</li>
<li>SQL Injection (there is also a special Blind SQL Injection module)</li>
<li>File Inclusion</li>
<li>Backup files check</li>
<li>Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)</li>
<li>Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT</li>
<li>JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint</li>
<li>Generation of a file [session_id, time(t)] for next stats analysis.</li>
</ul>
<p>Source: http://rgaucher.info/beta/grabber/<br>
<a href="http://rgaucher.info/beta/grabber/" variation="deepblue" target="blank">Grabber Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/grabber.git;a=summary" variation="deepblue" target="blank">Kali Grabber Repo</a></p>
<ul>
<li>Author: Romain Gaucher</li>
<li>License: BSD</li>
</ul>
<h3>Tools included in the grabber package</h3>
<h5>grabber – Web application vulnerability scanner</h5>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="45372a2a31052e24292c">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# grabber -h<br>
Usage: grabber [options]<br>
<br>
Options:<br>
  -h, --help            show this help message and exit<br>
  -u ARCHIVES_URL, --url=ARCHIVES_URL<br>
                        Adress to investigate<br>
  -s, --sql             Look for the SQL Injection<br>
  -x, --xss             Perform XSS attacks<br>
  -b, --bsql            Look for blind SQL Injection<br>
  -z, --backup          Look for backup files<br>
  -d SPIDER, --spider=SPIDER<br>
                        Look for every files<br>
  -i, --include         Perform File Insertion attacks<br>
  -j, --javascript      Test the javascript code ?<br>
  -c, --crystal         Simple crystal ball test.<br>
  -e, --session         Session evaluations</code>
<h3>grabber Usage Example</h3>
<p>Spider the web application to a depth of 1 <b><i>(–spider 1)</i></b> and attempt SQL <b><i>(–sql)</i></b> and XSS <b><i>(–xss)</i></b> attacks at the given URL <b><i>(–url http://192.168.1.224)</i></b>:</p>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="8dffe2e2f9cde6ece1e4">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# grabber --spider 1 --sql --xss --url http://192.168.1.224<br>
Start scanning... http://192.168.1.224<br>
runSpiderScan @  http://192.168.1.224  |   # 1<br>
Start investigation...<br>
Method = GET  http://192.168.1.224<br>
[Cookie]    0   :   &lt;Cookie PHPSESSID=2742cljd8u6aclfktf1sh284u7 for 192.168.1.224/&gt;<br>
[Cookie]    1   :   &lt;Cookie security=high for 192.168.1.224/&gt;<br>
Method = GET  http://192.168.1.224<br>
[Cookie]    0   :   &lt;Cookie PHPSESSID=2742cljd8u6aclfktf1sh284u7 for 192.168.1.224/&gt;<br>
[Cookie]    1   :   &lt;Cookie security=high for 192.168.1.224/&gt;</code>
</div></section><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
